[Support] Working with ARMv8 Binaries expecting MTE and TBI to be enabled
Hi all - not really an issue per se, but more of a request for some suggestions and guidance. Can close this out if that's not acceptable here.
I am working with an ARMv8 binary that appears to be using MTE, which of course requires TBI.
I am seeing writes to otherwise mapped addresses fail due to there being some metadata (presumably an MTE tag) in the upper byte of a 64-bit address. (Specifically, this occurs in je_arena_tdata_get_hard or one of its calls.)
Perhaps this is more of a Unicorn question than a Qiling question, but I'm wondering what might be a good way to work around this, such that I can get this binary running.
I imagine simply working around TBI by somehow masking off the upper byte of virtual addresses will ultimately fail when some MTE checks are performed. Thus, perhaps the best I can do is to identify and hook the underlying allocator(s) to just avoid this entirely? (e.g. just implement my own simple linear allocator in my Qiling script)
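A small diagnostic for the fault described above, as an added example that is not part of the original post: given the emulator's mapped regions and a faulting address, it splits off the top byte (TBI), reads the 4-bit MTE allocation tag from it, and reports whether the address is only "unmapped" because of that byte. The `hook_mem_unmapped` wrapper follows the Unicorn unmapped-memory callback shape and assumes the `uc` object exposes `mem_regions()` yielding `(begin, end_inclusive, perms)` tuples; the sample regions and address are constructed.

```python
# AArch64 address layout: with TBI, bits 63:56 are ignored by translation;
# MTE keeps its 4-bit allocation tag in bits 59:56 of that byte.
TBI_MASK = (1 << 56) - 1

def strip_tbi(addr):
    """Return the address the MMU actually translates (top byte cleared)."""
    return addr & TBI_MASK

def decode_top_byte(addr):
    """Break the top byte into the raw value and the MTE tag nibble."""
    top = addr >> 56
    return {"top_byte": top, "mte_tag": top & 0xF, "tagged": top != 0}

def find_region(regions, addr):
    """regions: iterable of (begin, end_inclusive, perms), as Uc.mem_regions() yields."""
    for begin, end, perms in regions:
        if begin <= addr <= end:
            return (begin, end, perms)
    return None

def classify_fault(regions, addr):
    """Explain an unmapped-access fault on a possibly tagged 64-bit address."""
    info = decode_top_byte(addr)
    canon = strip_tbi(addr)
    region = find_region(regions, canon)
    if info["tagged"] and region is not None:
        info["verdict"] = "tbi_miss"   # mapped once the top byte is ignored
    elif region is not None:
        info["verdict"] = "mapped"     # not a TBI problem; fault came from elsewhere
    else:
        info["verdict"] = "unmapped"   # genuinely unmapped, tag or no tag
    info["canonical"] = canon
    info["region"] = region
    return info

def hook_mem_unmapped(uc, access, address, size, value, user_data):
    """Unicorn-style UC_HOOK_MEM_*_UNMAPPED callback; records a diagnosis.
    Assumes uc.mem_regions() exists; returns False so the emulator still stops."""
    user_data.append(classify_fault(uc.mem_regions(), address))
    return False

if __name__ == "__main__":
    # Constructed sample: one mapped page range and a write whose top byte is 0x0b.
    regions = [(0x10000, 0x1FFFF, 7)]
    print(classify_fault(regions, 0x0B00000000010FF8))
```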
I'm currently having the same problem. This is however not a Qiling issue, but rather dependent on the upstream unicorn. I have a hack here which fixes the Unicorn TBI Issue, but am working on a more permanent solution.
Unicorn will update to QEMU 5.1.0 in the near future, which will improve support for TBI binaries.
Someone pushed a merge including the new qemu-5.1.0 into unicorn-engine:dev, but after compiling this version, MTE is not enabled by default. Can you tell me how to enable it? Maybe some CPU state should be set, like calling uc_ctl_set_cpu_model?
https://github.com/unicorn-engine/unicorn/pull/2143
https://github.com/amaanq/unicorn/tree/qemu-5.1.0
Maybe @wtdcode would be able to help.